
25 matches found

CNVD
added 2025/12/03 12:0 a.m. · 1 view

Apache Kvrocks Information Disclosure Vulnerability

Apache Kvrocks is a distributed key-value NoSQL database from the Apache USA Foundation. Apache Kvrocks suffers from an information disclosure vulnerability that stems from the MONITOR command disclosing plaintext credentials. An attacker could exploit this vulnerability to obtain sensitive...

CVSS 5.3 · AI score 6.4 · EPSS 0.00077
Exploits 0 · References 1
RedhatCVE
added 2025/11/29 3:0 p.m. · 4 views

CVE-2025-59790

Improper Privilege Management vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: from v2.9.0 through v2.13.0. Users are recommended to upgrade to version 2.14.0, which fixes the issue...

CVSS 5.4 · AI score 6.9 · EPSS 0.00213
Exploits 0 · References 1
RedhatCVE
added 2025/11/29 3:0 p.m. · 7 views

CVE-2025-59792

Reveals plaintext credentials in the MONITOR command vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: from 1.0.0 through 2.13.0. Users are recommended to upgrade to version 2.14.0, which fixes the issue...

CVSS 5.3 · AI score 7.1 · EPSS 0.00077
Exploits 0 · References 1
NVD
added 2025/11/28 3:16 p.m. · 4 views

CVE-2025-59790

Improper Privilege Management vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: from v2.9.0 through v2.13.0. Users are recommended to upgrade to version 2.14.0, which fixes the issue...

CVSS 5.4 · EPSS 0.00213
Exploits 0 · References 2
CVE
added 2025/11/28 2:21 p.m. · 4 views

CVE-2025-59792

CVE-2025-59792 affects Apache Kvrocks 1.0.0–2.13.0, where the MONITOR command discloses plaintext credentials. Root cause is information disclosure via MONITOR exposure to non-admins. Impact is exposure of sensitive data; CVSS vector indicates network access, low integrity/availability impact. A ...

CVSS 5.3 · AI score 6.8 · EPSS 0.00077
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2025/11/28 2:21 p.m. · 2 views

CVE-2025-59792 Apache Kvrocks: MONITOR command reveals plaintext credentials to non-admins

Reveals plaintext credentials in the MONITOR command vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: from 1.0.0 through 2.13.0. Users are recommended to upgrade to version 2.14.0, which fixes the issue...

EPSS 0.00077
Exploits 0 · References 1
Cvelist
added 2025/11/28 2:20 p.m. · 4 views

CVE-2025-59790 Apache Kvrocks: RESET command grants admin privileges

Improper Privilege Management vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: from v2.9.0 through v2.13.0. Users are recommended to upgrade to version 2.14.0, which fixes the issue...

EPSS 0.00213
Exploits 0 · References 1
EUVD
added 2025/11/28 2:20 p.m. · 1 view

EUVD-2025-199878

Improper Privilege Management vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: from v2.9.0 through v2.13.0. Users are recommended to upgrade to version 2.14.0, which fixes the issue...

CVSS 5.4 · AI score 6.4 · EPSS 0.00213
Exploits 0 · References 3
Vulnrichment
added 2025/11/28 2:20 p.m. · 3 views

CVE-2025-59790 Apache Kvrocks: RESET command grants admin privileges

Improper Privilege Management vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: from v2.9.0 through v2.13.0. Users are recommended to upgrade to version 2.14.0, which fixes the issue...

AI score 6.6 · EPSS 0.00213
Exploits 0 · References 1
EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2025-4010

Malicious code in bioql PyPI...

CVSS 7.4 · AI score 7.5 · EPSS 0.0082
Exploits 0 · References 3
EUVD
added 2025/10/03 8:7 p.m. · 1 view

EUVD-2025-12324

Malicious code in bioql PyPI...

CVSS 7.5 · AI score 6.5 · EPSS 0.00369
Exploits 0 · References 3
RedhatCVE
added 2025/04/26 5:1 a.m. · 12 views

CVE-2025-26413

Improper Input Validation vulnerability in Apache Kvrocks. The SETRANGE command didn't check if the offset input is a positive integer and used it as an index of a string, so the server crashes because the index is out of range. This issue affects Apache Kvrocks: through 2.11.1. User...

CVSS 7.5 · AI score 7.1 · EPSS 0.00369
Exploits 0 · References 1
OSV
added 2025/04/22 8:15 a.m. · 1 view

CVE-2025-26413

Improper Input Validation vulnerability in Apache Kvrocks. The SETRANGE command didn't check if the offset input is a positive integer and used it as an index of a string, so the server crashes because the index is out of range. This issue affects Apache Kvrocks: through 2.11.1. User...

CVSS 7.5 · AI score 7.2
Exploits 0 · References 2
NVD
added 2025/04/22 8:15 a.m. · 7 views

CVE-2025-26413

Improper Input Validation vulnerability in Apache Kvrocks. The SETRANGE command didn't check if the offset input is a positive integer and used it as an index of a string, so the server crashes because the index is out of range. This issue affects Apache Kvrocks: through 2.11.1. User...

CVSS 7.5 · EPSS 0.00369
Exploits 0 · References 2
CVE
added 2025/04/22 7:7 a.m. · 47 views

CVE-2025-26413

CVE-2025-26413 describes an improper input validation in Apache Kvrocks where the SETRANGE command does not verify that the offset input is a positive integer, using it as a string index and potentially causing a server crash (out-of-range index). Affected versions are Kvrocks up to 2.11.1; remed...

CVSS 7.5 · AI score 6.7 · EPSS 0.00369
Exploits 0 · References 2 · Affected Software 1
Vulnrichment
added 2025/04/22 7:7 a.m. · 6 views

CVE-2025-26413 Apache Kvrocks: The server was crashed by the negative offset

Improper Input Validation vulnerability in Apache Kvrocks. The SETRANGE command didn't check if the offset input is a positive integer and used it as an index of a string, so the server crashes because the index is out of range. This issue affects Apache Kvrocks: through 2.11.1. User...

AI score 7.7 · EPSS 0.00369
Exploits 0 · References 1
Cvelist
added 2025/04/22 7:7 a.m. · 10 views

CVE-2025-26413 Apache Kvrocks: The server was crashed by the negative offset

Improper Input Validation vulnerability in Apache Kvrocks. The SETRANGE command didn't check if the offset input is a positive integer and used it as an index of a string, so the server crashes because the index is out of range. This issue affects Apache Kvrocks: through 2.11.1. User...

EPSS 0.00369
Exploits 0 · References 1
Positive Technologies
added 2025/04/22 12:0 a.m. · 1 view

PT-2025-17489 · Apache · Apache Kvrocks

Name of the Vulnerable Software and Affected Versions: Apache Kvrocks versions through 2.11.1 Description: The issue is related to improper input validation in the SETRANGE command, which fails to check if the offset input is a positive integer. This can cause the server to crash due to an...

CVSS 7.5 · AI score 6.3 · EPSS 0.00369
Exploits 0 · References 13
RedhatCVE
added 2025/02/09 1:19 p.m. · 6 views

CVE-2025-25069

A Cross-Protocol Scripting vulnerability is found in Apache Kvrocks. Since Kvrocks didn't detect if "Host:" or "POST" appears in RESP requests, a valid HTTP request can also be sent to Kvrocks as a valid RESP request and trigger some database operations, which can be dangerous when it is chained...

CVSS 7.4 · AI score 6.3 · EPSS 0.0082
Exploits 0 · References 1
NVD
added 2025/02/07 1:15 p.m. · 12 views

CVE-2025-25069

A Cross-Protocol Scripting vulnerability is found in Apache Kvrocks. Since Kvrocks didn't detect if "Host:" or "POST" appears in RESP requests, a valid HTTP request can also be sent to Kvrocks as a valid RESP request and trigger some database operations, which can be dangerous when it is chained...

CVSS 6.5 · EPSS 0.0082
Exploits 0 · References 2